Delay‐aware privacy‐preserving location‐based services under spatiotemporal constraints

The ubiquitous use of location‐based services (LBS) through smart devices produces massive amounts of location data. An attacker, with an access to such data, can reveal sensitive information about users. In this paper, we study location inference attacks based on the probability distribution of historical location data, travel time information between locations using knowledge of a map, and short and long‐term observation of privacy‐preserving queries. We show that existing privacy‐preserving approaches are vulnerable to such attacks. In this context, we propose a novel location privacy‐preserving approach, called KLAP, based on the three fundamental obfuscation requirements: minimum k ‐locations, l ‐diversity, and privacy a rea p reservation. KLAP adopts a personalized privacy preference for sporadic, frequent, and continuous LBS use cases. Specifically, it generates a secure concealing region (CR) to obfuscate the user's location and directs that CR to the service provider. The main contribution of this work is twofold. First, a CR pruning technique is devised to establish a balance between privacy and delay in LBS usage. Second, a new attack model called a long‐term obfuscated location tracking attack, and its countermeasure is proposed and evaluated both theoretically and empirically. We assess KLAP with two real‐world datasets. Experimental results show that it can achieve better privacy, reduced delay, and lower communication costs than existing state‐of‐the‐art methods.     

Secure and privacy‐preserving keyword search retrieval over hashed encrypted cloud data

Cloud computing (CC) is the universal area in which the data owners will contract out their pertinent data to the untrusted public cloud that permits the data users to retrieve the data with complete integrity. To give data privacy along with integrity, majority of the research works were concentrated on single data owner for secure searching of encrypted data via the cloud. Also, searchable encryption supports data user to retrieve the particular encrypted document from encrypted cloud data via keyword search (KS). However, these researches are not efficient for keyword search retrieval. To trounce such drawbacks, this paper proposes efficient secure and privacy‐preserving keyword search retrieval (SPKSR) system, in which the user retrieves the hashed encrypted documents over hashed encrypted cloud data. The proposed system includes three entities explicitly, (a) data owner (DO), (b) cloud server (CS), and (c) data users (DU). The owner outsources hashed encrypted documents set, along with generated searchable index tree to the CS. The CS hoards the hashed encrypted document collection and index tree structure. DU performs the “search” over the hashed encrypted data. Experimental results of the proposed system are analyzed and contrasted with the other existent system to show the dominance of the proposed system.     

Multiuser access control searchable privacy‐preserving scheme in cloud storage

Searchable encryption scheme‐based ciphertext‐policy attribute‐based encryption (CP‐ABE) is a effective scheme for providing multiuser to search over the encrypted data on cloud storage environment. However, most of the existing search schemes lack the privacy protection of the data owner and have higher computation time cost. In this paper, we propose a multiuser access control searchable privacy‐preserving scheme in cloud storage. First, the data owner only encrypts the data file and sets the access control list of multiuser and multiattribute for search data file. And the computing operation, which generates the attribute keys of the users' access control and the keyword index, is given trusted third party to perform for reducing the computation time of the data owner. Second, using CP‐ABE scheme, trusted third party embeds the users' access control attributes into their attribute keys. Only when those embedded attributes satisfy the access control list, the ciphertext can be decrypted accordingly. Finally, when the user searches data file, the keyword trap door is no longer generated by the user, and it is handed to the proxy server to finish. Also, the ciphertext is predecrypted by the proxy sever before the user performs decryption. In this way, the flaw of the client's limited computation resource can be solved. Security analysis results show that this scheme has the data privacy, the privacy of the search process, and the collusion‐resistance attack, and experimental results demonstrate that the proposed scheme can effectively reduce the computation time of the data owner and the users.     

IP2DM: integrated privacy‐preserving data management architecture for smart grid V2G networks

With the development of battery vehicles, vehicle‐to‐grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two‐way communication and two‐way electricity flow, they also raise privacy‐preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy‐preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G networks attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid. Copyright © 2016 John Wiley & Sons, Ltd.     

On the security and improvement of privacy‐preserving 3‐factor authentication scheme for TMIS

The telecare medicine information system (TMIS) enables patients from different regions to remotely share the same telecare services, which significantly enhances the quality and effectiveness of medical treatment. On the other hand, patients' electronic health records usually involve their privacy information, they thus hesitate to directly transmit these information in TMIS over the public network due to the threat of privacy disclosure. The authenticated key agreement, as a core building of securing communications over the public network, is considered to be necessary for strengthening the security of TMIS. Recently, we note Zhang et al introduced a 3‐factor authenticated key agreement scheme for TMIS and asserted that the proposed scheme can resist various well‐known attacks. Unfortunately, in this paper, we point out that the scheme of Zhang et al cannot achieve the claimed security guarantees. Specifically, their scheme is vulnerable to offline password/identity guessing attack and user/server impersonation attack. To conquer the above security pitfalls, we put forward a new 3‐factor authenticated key agreement scheme with privacy preservation for TMIS. The security evaluation and performance discussion indicate that our scheme can be free from those well‐known and classical attacks including offline guessing attack and impersonation attack, without increasing additional computation cost when compared with related works. Consequently, the new authentication scheme would be more desirable for securing communications in TMIS.     

High energy‐efficient and privacy‐preserving secure data aggregation for wireless sensor networks

An efficient data process technology is needed for wireless sensor networks composed of many sensors with constrained communication, computational, and memory resources. Data aggregation is presented as an efficient and significant method to reduce transmitted data and prolong lifetime for wireless sensor networks. Meanwhile, many applications require preserving privacy for secure data aggregation. In this paper, we propose a high energy‐efficient and privacy‐preserving scheme for secure data aggregation. Because of the importance of communication overhead and accuracy, our scheme achieves less communication overhead and higher data accuracy besides providing for privacy preservation. For extensive simulations, we evaluate and conclude the performance of our high energy‐efficient and privacy‐preserving scheme. The conclusion shows that the high energy‐efficient and privacy‐preserving scheme provides better privacy preservation and is more efficient than existing schemes. Copyright © 2012 John Wiley & Sons, Ltd.     

OW‐SVM: Ontology and whale optimization‐based support vector machine for privacy‐preserved medical data classification in cloud

Cloud is a multitenant architecture that allows the cloud users to share the resources via servers and is used in various applications, including data classification. Data classification is a widely used data mining technique for big data analysis. It helps the learners to discover hidden data patterns by training massive data collected from the real world. Because this trained model is the private asset of an entity, it should be protected from all other noncollaborative entities. Therefore, it is essential to take effective measures to preserve the confidential data. The objective of this paper is to preserve the privacy of the confidential data in the cloud environment by introducing the medical data classification method. In view of that, this paper presents a method for medical data classification using a novel ontology and whale optimization‐based support vector machine (OW‐SVM) approach. Initially, privacy‐preserved data are developed adopting Kronecker product bat approach, and then, ontology is built for the feature selection process. Ontology and whale optimization‐based support vector machine is then proposed by integrating ontology and whale optimization algorithm into SVM, in which ontology and whale optimization algorithm is used for the feasible selection of kernel parameters. The experiment is done using 3 heart disease datasets, such as Cleveland, Switzerland, and Hungarian. In a comparative analysis, the performance of the OW‐SVM approach is compared with that of K‐nearest neighbor, Naive Bayes, decision tree, SVM, and OW‐SVM, using accuracy, sensitivity, specificity, and fitness, as the evaluation metrics. The OW‐SVM approach could achieve maximum performance with accuracy of 83.21%, the sensitivity of 91.49%, specificity of 73%, and fitness of 81.955, outperforming existing comparative techniques.     

MDPA: multidimensional privacy‐preserving aggregation scheme for wireless sensor networks

In this paper, we propose a novel multidimensional privacy‐preserving data aggregation scheme for improving security and saving energy consumption in wireless sensor networks (WSNs). The proposed scheme integrates the super‐increasing sequence and perturbation techniques into compressed data aggregation, and has the ability to combine more than one aggregated data into one. Compared with the traditional data aggregation schemes, the proposed scheme not only enhances the privacy preservation in data aggregation, but also is more efficient in terms of energy costs due to its unique multidimensional aggregation. Extensive analyses and experiments are given to demonstrate its energy efficiency and practicability. Copyright © 2009 John Wiley & Sons, Ltd.     

PRDA: polynomial regression‐based privacy‐preserving data aggregation for wireless sensor networks

In wireless sensor networks, data aggregation protocols are used to prolong the network lifetime. However, the problem of how to perform data aggregation while preserving data privacy is challenging. This paper presents a polynomial regression‐based data aggregation protocol that preserves the privacy of sensor data. In the proposed protocol, sensor nodes represent their data as polynomial functions to reduce the amount of data transmission. In order to protect data privacy, sensor nodes secretly send coefficients of the polynomial functions to data aggregators instead of their original data. Data aggregation is performed on the basis of the concealed polynomial coefficients, and the base station is able to extract a good approximation of the network data from the aggregation result. The security analysis and simulation results show that the proposed scheme is able to reduce the amount of data transmission in the network while preserving data privacy. Copyright © 2013 John Wiley & Sons, Ltd.     

Chaotic map‐based time‐aware multi‐keyword search scheme with designated server

The cloud storage service has been widely used in daily life because of its convenience. However, the service frequently suffers confidentiality problems. To address this problem, some efforts have been made on keyword search over encrypted data schemes. For instance, the chaotic‐based keyword search scheme over encrypted data has been proposed recently. However, the scheme just only support single‐ keyword search each time, which severely limits its utilization in cloud storage. This article proposes a novel chaotic‐based time‐aware multi‐keyword search scheme with designated server. Inner product similarity is adopted in our scheme to realize multiple keyword search and remove the constraint of single‐keyword search each time. Timed‐release encryption is integrated into the proposed scheme at the same time, which enables the data sender to specify the time when the cloud servers can search the encrypted data. Analysis indicates that our scheme not only can counter off‐line guessing attacks to the ciphertext and trapdoor, but also supports ranked search with a reasonable computational cost. Copyright © 2015 John Wiley & Sons, Ltd.     

A comparative study and workload distribution model for re‐encryption schemes in a mobile cloud computing environment

The researchers are using the various variations of re‐encryption schemes, which migrate the computational intensive re‐encryption jobs of mobile devices to the trusted entity/cloud. However, the messages are still encrypted and decrypted using the limited computational power of mobile devices. Our contribution in this paper is to propose a workload distribution model for re‐encryption schemes, which offloads the computational intensive operations, such as encryption and decryption on a trusted entity. Moreover, the proposed workload distribution model is compared with existing re‐encryption schemes of resource utilization on trusted entity and mobile device. The experimental results show substantial improvement in performance compared to the existing schemes.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

门诊电子病历管理系统的设计与实现

门诊病历是医院病人就医很重要的组成部分,随着医院信息化的不断推进,开发出一款适合医院使用,方便病人就医,能和医院的其他系统很好衔接的门诊电子病历系统已十分必要。在此通过对医院门诊部门进行调研并借鉴大量相关资料,借助Java开发工具设计了可实用的门诊电子病历系统,其中包括系统功能模块的设计与数据库设计,实现了门诊电子病历流程的模块化管理,解决了原有的人工处理系统效率太低与难实现数据共享的问题。     

Enhanced security‐aware technique and ontology data access control in cloud computing

Nowadays, security and data access control are some of the major concerns in the cloud storage unit, especially in the medical field. Therefore, a security‐aware mechanism and ontology‐based data access control (SA‐ODAC) has been developed to improve security and access control in cloud computing. The model proposed in this research work is based on two operational methods, namely, secure awareness technique (SAT) and ontology‐based data access control (ODAC), to improve security and data access control in cloud computing. The SAT technique is developed to provide security for medical data in cloud computing, based on encryption, splitting and adding files, and decryption. The ODAC ontology is launched to control unauthorized persons accessing data from storage and create owner and administrator rules to allow access to data and is proposed to improve security and restrict access to data. To manage the key of the SAT technique, the secret sharing scheme is introduced in the proposed framework. The implementation of the algorithm is performed by MATLAB, and its performance is verified in terms of delay, encryption time, encryption time, and ontology processing time and is compared with role‐based access control (RBAC), context‐aware RBAC and context‐aware task RBAC, and security analysis of advanced encryption standard and data encryption standard. Ultimately, the proposed data access control and security scheme in SA‐ODAC have achieved better performance and outperform the conventional technique.     

Privacy‐preserving authentication protocols with efficient verification in VANETs

As an important component of intelligent transportation systems, vehicular ad hoc networks can provide safer and more comfortable driving circumstance for the drivers. However, communication security and privacy issues present practical concerns to the deployment of vehicular ad hoc networks. Although recent related studies have already addressed most of these issues, most of them have only considered a posteriori countermeasures or a priori countermeasures to prevent the attacks of an adversary. To the best of our knowledge, up to now, only two privacy‐preserving authentication schemes can provide a posteriori countermeasures and a priori countermeasures. But, the computational cost of verifying a signature is relatively high or security proof of the scheme is loose in the two schemes. In this paper, we propose two novel privacy‐preserving authentication schemes. The first one cannot only provide a posteriori and a priori countermeasures, but also has low computational cost in the verification phase and tight security proof. The second one can achieve batch verification on multiple messages. Comparison with Wu et al.'s scheme and Chen et al's scheme, our scheme shows higher efficiency in terms of the computational cost of verifying signature.Copyright © 2013 John Wiley & Sons, Ltd.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.     

Distributed fuzzy logic based energy‐aware and coverage preserving unequal clustering algorithm for wireless sensor networks

In an energy‐constrained wireless sensor networks (WSNs), clustering is found to be an effective strategy to minimize the energy depletion of sensor nodes. In clustered WSNs, network is partitioned into set of clusters, each having a coordinator called cluster head (CH), which collects data from its cluster members and forwards it to the base station (BS) via other CHs. Clustered WSNs often suffer from the hot spot problem where CHs closer to the BS die much early because of high energy consumption contributed by the data forwarding load. Such death of nodes results coverage holes in the network very early. In most applications of WSNs, coverage preservation of the target area is a primary measure of quality of service. Considering the energy limitation of sensors, most of the clustering algorithms designed for WSNs focus on energy efficiency while ignoring the coverage requirement. In this paper, we propose a distributed clustering algorithm that uses fuzzy logic to establish a trade‐off between the energy efficiency and coverage requirement. This algorithm considers both energy and coverage parameters during cluster formation to maximize the coverage preservation of target area. Further, to deal with hot spot problem, it forms unequal sized clusters such that more CHs are available closer to BS to share the high data forwarding load. The performance of the proposed clustering algorithm is compared with some of the well‐known existing algorithms under different network scenarios. The simulation results validate the superiority of our algorithm in network lifetime, coverage preservation, and energy efficiency.     

从电子病历的发展历程谈医疗安全管理中的风险管理

随着科学技术的不断发展,我国医疗机构对信息技术的应用也越来越广泛,其中电子病历的应用就是一个重要体现。电子病历是一种较为先进的医疗信息管理技术,对医疗机构的病历管理的规范化和科学化有重要作用,其在我国的应用越来越广泛。本文主要分析了国内外的电子病历发展现状,从安全性和隐私性角度阐释了电力病历带来的医疗风险管理,并提高了相关的风险防范措施,旨在对我国的电子病历风险管理提供相关建议。     

Energy‐aware cross‐layer resource allocation in mobile cloud

This paper proposed an energy‐aware cross‐layer mobile cloud resource allocation approach. In this paper, a hybrid cloud architecture is adopted for provisioning mobile service to mobile device users, which include nearby local cloud and remote public cloud. The computation‐intensive tasks can be processed by the remote public cloud, while the delay‐sensitive computation can be processed by the nearby local cloud. On the basis of the system context and mobile user preferences, the energy‐aware cross‐layer mobile cloud resource allocation approach can optimize the consumption of cloud resource and system performance. The cooperation and collaboration among local cloud agent, public cloud supplier, and mobile cloud user are regulated through the economic approach. The energy‐aware cross‐layer mobile cloud resource allocation is performed on the local cloud level and the public cloud level, which comprehensively considers the benefits of all participants. The energy‐aware cross‐layer mobile cloud resource allocation algorithm is proposed, which is evaluated in the experiment environment, and comparison results and analysis are discussed.